dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 16733: use POST request for updating password, PUT request with form data can cause issues on certain co...

 

------------------------------------------------------------
revno: 16733
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2014-09-17 14:03:32 +0700
message:
  use POST request for updating password, PUT request with form data can cause issues on certain containers (tomcat) and should not be used.
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java
  dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java	2014-09-17 06:15:25 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AccountController.java	2014-09-17 07:03:32 +0000
@@ -441,7 +441,7 @@
         ContextUtils.createdResponse( response, "Account created", null );
     }
 
-    @RequestMapping( method = RequestMethod.PUT )
+    @RequestMapping( value = "/password", method = RequestMethod.POST )
     public void updatePassword(
         @RequestParam String oldPassword,
         @RequestParam String password,
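Review bot: The new mapping on `updatePassword` has no comment saying why POST is required, so the reason lives only in the commit message. Add a short comment above `@RequestMapping( value = "/password", method = RequestMethod.POST )` noting that Tomcat by default parses form-encoded bodies into request parameters only for POST, so a later cleanup does not switch it back to PUT. Separately, `@RequestParam String oldPassword` and `@RequestParam String password` bind from the query string as well as from the form body. Adding `consumes = "application/x-www-form-urlencoded"` to the mapping would at least reject requests sent without a form body, which reduces the chance of passwords ending up in URLs and access logs.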

=== modified file 'dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js'
--- dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js	2013-12-19 11:50:58 +0000
+++ dhis-2/dhis-web/dhis-web-commons-resources/src/main/webapp/dhis-web-commons/javascripts/useraccount/expired.js	2014-09-17 07:03:32 +0000
@@ -59,9 +59,9 @@
 	$( "#submitButton" ).attr( "disabled", "disabled" );
 
 	$.ajax( {
-		url: '../../api/account',
+		url: '../../api/account/password',
 		data: $( "#accountForm" ).serialize(),
-		type: 'put',
+		type: 'POST',
 		success: function( data ) {
 			window.location.href = "../../dhis-web-commons-about/redirect.action";
 		},
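Review bot: The `url` and `type` changes in this `$.ajax` call have to ship in lockstep with the controller change, because the old `put` to `'../../api/account'` no longer has a handler once the PUT mapping is removed. A browser holding a cached copy of the old expired.js will keep sending the old request and the password update will fail, and the context shown here only has a `success` callback. Check that the script is served with a cache-busting version or short cache lifetime, and that the failure case re-enables `#submitButton` and shows the user a message rather than leaving the form disabled.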

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2014-09-09 23:57:34 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml	2014-09-17 07:03:32 +0000
@@ -52,6 +52,7 @@
     <sec:intercept-url pattern="/api/account/username" access="permitAll()" />
     <sec:intercept-url pattern="/api/account/recovery" access="permitAll()" />
     <sec:intercept-url pattern="/api/account/restore" access="permitAll()" />
+    <sec:intercept-url pattern="/api/account/password" access="permitAll()" />
     <sec:intercept-url pattern="/api/account" access="permitAll()" />
     <sec:intercept-url pattern="/**" access="isAuthenticated()" />
     <sec:custom-filter ref="automaticAccessFilter" before="LOGOUT_FILTER" />
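Review bot: The added `<sec:intercept-url pattern="/api/account/password" access="permitAll()" />` opens the password-update endpoint to unauthenticated callers for every HTTP method, so all access control now rests on the handler's own check of `oldPassword`. Restrict the rule to the one verb the controller accepts by adding `method="POST"`, so other methods fall through to the `/**` `isAuthenticated()` rule. Also confirm that `updatePassword` applies the same failed-attempt throttling or lockout as the login path, since an unauthenticated endpoint that validates `oldPassword` can otherwise be used to guess passwords. The placement before `/api/account` and `/**` is correct for first-match ordering.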